CVE-2014-8578
Published: 31 October 2014
Cross-site scripting (XSS) vulnerability in the Groups panel in OpenStack Dashboard (Horizon) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2 allows remote administrators to inject arbitrary web script or HTML via a user email address, a different vulnerability than CVE-2014-3475.
Notes
Author | Note |
---|---|
jdstrand | Ubuntu 12.04 LTS not affected, introduced by: https://review.openstack.org/gitweb?p=openstack/horizon.git |
Priority
Status
Package | Release | Status |
---|---|---|
horizon Launchpad, Ubuntu, Debian |
upstream |
Released
(2013.2.4,2014.1.2,2014.1.1-3)
|
lucid |
Does not exist
|
|
precise |
Not vulnerable
|
|
trusty |
Does not exist
(trusty was released [1:2014.1.2-0ubuntu1.1])
|
|
utopic |
Not vulnerable
(1:2014.2~b2-0ubuntu1)
|
|
Patches: upstream: https://review.openstack.org/105478 (havana) upstream: https://review.openstack.org/105477 (icehouse) upstream: https://review.openstack.org/105476 (juno) |